sql: check schema privileges when dropping role #103467
Conversation
|
This change is |
Previously, dropping a role which has privileges on a schema did not result in a error. This patch fixes this bug by adding the missing logic which performs this check. Fixes cockroachdb#102962. Release note (bug fix): DROP ROLE now correctly returns an 2BP01 error when the given role has been granted privileges on a schema.
|
Do we also need to add an upgrade step to scan the descriptors system table and garbage-collect any dangling user references in the privilege descriptors, or is that overkill? |
There was a problem hiding this comment.
i think we can forgo the upgrade step. let's just get to that when we have more of a need. we do have #93940 coming up, which will need to touch all privilege descriptors. i'll leave a note there to look out for dangling references.
thanks for picking this up! i'll add labels to backport this
Reviewable status:
complete! 0 of 0 LGTMs obtained
rafiss
added
backport-22.2.x
backport-23.1.x
|
Makes sense. Thanks for the review! bors r+ |
|
This PR was included in a batch that timed out, it will be automatically retried |
|
This PR was included in a batch that timed out, it will be automatically retried |
|
Build succeeded: |
Previously, dropping a role which has privileges on a schema did not result in a error. This patch fixes this bug by adding the missing logic which performs this check.
Fixes #102962.
Release note (bug fix): DROP ROLE now correctly returns an 2BP01 error when the given role has been granted privileges on a schema.